(57) Abstract: A method, system, and computer program product that provides the capability to manage, control, and reconfigure
wireless devices remotely over a wireless network with acceptable reliability and security. A method for remotely managing a
wireless device over a telecommunications network comprising a server and the wireless device, the method comprises the steps of
establishing a communicative connection between the server and the wireless device over a packet radio channel of the
telecommunications network, transmitting a command from the server to the wireless device over the packet radio channel, and
executing the command at the wireless device.

SYSTEM AND METHOD FOR WIRELESS DATA TERMINAL MANAGEMENT
USING GENERAL PACKET RADIO SERVICE NETWORK

Cross-Reference to Related Applications 

This application is a continuation-in-part of U.S. Application No. 09/925,536, filed August 
10, 2001, which claims the benefit of provisional application 60/251,034, filed December 5, 2000. 

Field of the Invention

The present invention relates to a system and method for providing remote over the air
management (OTM) of wireless data terminals over an Internet Protocol (IP) transport mechanism
used in a General Packet Radio Service (GPRS) network. Management includes, over the air,
locking/unlocking the terminal; zapping/deleting contents from the terminal; terminal password
management; managing and monitoring device resources; data application distribution and
application configuration on the wireless terminal.

Background of the Invention 

Currently, there are various implemented and proposed protocols to manage, control, and
reconfigure computer systems remotely over a network via a central console. Such protocols are
designed for an environment in which the computer systems to be managed are connected to the
central console by fixed wiring, such as twisted pair wire, coaxial cable, or fiber optic cable.
Management and control methods for networks that utilize fixed wiring assume that the network is
quite reliable. In addition, many protocols are designed for a controlled network environment, such
as a local area network, in which the computing environment is secure. Such security may be
provided by use of a firewall to connect the local area network to other networks.

However, networks utilizing fixed wiring are limited in that mobile devices cannot be
configured onto a fixed network and so cannot be utilized. In addition, in many situations, the
installation of the fixed wiring may be expensive or infeasible. Wireless networks provide these
capabilities that fixed networks lack. Thus, a need arises for a technique that will allow data
terminals to be remotely managed, controlled, and reconfigured using a wireless network. Network
considerations in a wireless network are different than those in a fixed network. For example,
wireless connections are not as reliable as fixed connections, due to interference and other reception
difficulties. In addition, security considerations in a wireless network are different, in that wireless
signals carrying data are much more subject to interception than are signals carrying data in a fixed
network.

Signaling networks in wireless telecommunications have been used for device
activation/provisioning, voice call set up/tear down and providing messaging service such as Short
Message Service (SMS) and instant messaging service. However, a need arises for a technique that
provides the capability for more advanced management of wireless devices, as well as the capability
to control and reconfigure wireless devices remotely over a wireless network with acceptable
reliability and security.

Summary of the Invention

The present invention is a method, system, and computer program product that provides the
capability to manage, control, and reconfigure wireless devices remotely over a wireless network
with acceptable reliability and security. In one embodiment, the present invention is a method for
remotely managing a wireless device over a telecommunications network comprising a server and
the wireless device, the method comprising the steps of: establishing a communicative connection
between the server and the wireless device over a packet radio channel of the telecommunications
network, transmitting a command from the server to the wireless device over the packet radio
channel, and executing the command at the wireless device.

In one aspect of the present invention, the packet radio channel of the telecommunications
network comprises a General Packet Radio Service channel. The transmitting step may comprise
the step of transmitting the command to a management agent process executing on the wireless
device. The transmitting step may comprise the step of transmitting the command to a management
agent process executing on the wireless device in a Short Message Service message.

In one aspect of the present invention, the transmitting step comprises the step of 
transmitting the command to a management agent process executing on the wireless device. The 
connection may be established periodically or the connection may be established based on a 
threshold condition. 

In one aspect of the present invention, the command comprises one of: enabling/disabling 
access of the wireless device to the server, enabling/disabling applications that may run on the
wireless device, erasing all or part of contents of the wireless device, transmitting new programs and 
data to the wireless device, querying a current state of the wireless device, monitoring a level of a 
battery in the wireless device, monitoring a location of the wireless device in the wireless network, 
and reconfiguring applications that may run on the wireless device. 

In one aspect of the present invention, the method further comprises the step of transmitting 
information relating to execution of the command at the wireless device from the wireless device to
the server. The information relating to execution of the command may be transmitted periodically 
or the information relating to execution of the command may be transmitted based on a threshold 
condition of the wireless device. 

In one aspect of the present invention, the transmitting step comprises the steps of 
transmitting registration information relating to the wireless device from the wireless device to the 
server, verifying the registration information at the server, establishing a DCB for the wireless
device at the server, placing a command for the wireless device in the DCB, delivering the 
command from the DCB to the wireless device, and executing the command at the wireless device. 

In one aspect of the present invention, the delivering step comprises the steps of:
establishing a connection between the wireless device and the server, transmitting a request for
contents of the DCB from the wireless device to the server, and transmitting the contents of the
DCB from the server to the wireless device. The connection may be established periodically or the
connection may be established based on a threshold condition.

In one aspect of the present invention, the delivering step comprises the steps of:
establishing a connection between the wireless device and the server, transmitting the contents of
the DCB from the server to the wireless device without a request from the wireless device, and
accepting the contents of the DCB at the wireless device. The connection may be established
periodically or the connection may be established based on a threshold condition.

In one aspect of the present invention, the command comprises one of: enabling/disabling 
access of the wireless device to the server, enabling/disabling applications that may run on the 
wireless device, erasing all or part of contents of the wireless device, transmitting new programs and
data to the wireless device, querying a current state of the wireless device, monitoring a level of a 
battery in the wireless device, and monitoring the location of the wireless device in the wireless 
network. 

In one aspect of the present invention, the method further comprises the step of transmitting
information relating to execution of the command at the wireless device from the wireless device to 
the server. The information relating to execution of the command may be transmitted periodically 
or the information relating to execution of the command may be transmitted based on a threshold 
condition of the wireless device. 

In another embodiment, the present invention is a method for remotely managing a wireless 
device over a wireless network comprising the steps of: receiving registration information from the 
wireless device, verifying the received registration information, placing a command for the wireless 
device in a Device Control Box (DCB), and delivering the command to the wireless device. 

In one aspect of the present invention, the delivering step comprises the steps of: 
establishing a connection with the wireless device, receiving a request for contents of the DCB from 
the wireless device, and transmitting the contents of the DCB to the wireless device. The 
connection may be established periodically or the connection may be established based on a 
threshold condition. 

In one aspect of the present invention, the delivering step comprises the steps of establishing
a connection with the wireless device and transmitting the contents of the DCB to the wireless
device without a request from the wireless device. The connection may be established periodically
or the connection may be established based on a threshold condition.

In one aspect of the present invention, the command execution comprises the step of: 
verifying the signature of the command with the signature of the device and only then executing the 
received command. The signature may comprise one or more of the following: encrypted keys, 
physical identity of the device, logical identity of the device, a mapping between the logical identity 
and physical identity of the device, a mapping between device ownership and the origin of the 
command or explicit authentication. 
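
The registration, DCB delivery, and verify-then-execute aspects described above can be sketched as follows. This is an added example, not code from the application: HMAC-SHA256 under a per-device key stands in for the signature, the sequence-number replay check goes beyond the text, and all class names, function names, and sample identifiers are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a per-device provisioned key stands in for the
# "signature". Device IDs, hardware IDs and keys are constructed sample values.


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_command(key: bytes, device_id: str, hw_id: str, seq: int, cmd: dict) -> dict:
    """Bind a command to the device's logical and physical identity."""
    body = {"device_id": device_id, "hw_id": hw_id, "seq": seq, "cmd": cmd}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": tag}


class ManagementServer:
    def __init__(self, provisioned: dict):
        self.provisioned = provisioned  # device_id -> (hw_id, key)
        self.dcb = {}                   # device_id -> queued signed commands
        self.next_seq = {}              # device_id -> next sequence number

    def register(self, device_id: str, hw_id: str) -> bool:
        """Verify registration information, then establish the device's DCB."""
        known = self.provisioned.get(device_id)
        if known is None or known[0] != hw_id:
            return False
        self.dcb.setdefault(device_id, [])
        self.next_seq.setdefault(device_id, 1)
        return True

    def place_command(self, device_id: str, cmd: dict) -> None:
        if device_id not in self.dcb:
            raise KeyError("device not registered")
        hw_id, key = self.provisioned[device_id]
        seq = self.next_seq[device_id]
        self.next_seq[device_id] = seq + 1
        self.dcb[device_id].append(sign_command(key, device_id, hw_id, seq, cmd))

    def pull(self, device_id: str) -> list:
        """Pull delivery: return and clear the DCB contents on request."""
        if device_id not in self.dcb:
            return []
        pending, self.dcb[device_id] = self.dcb[device_id], []
        return pending


class ManagementAgent:
    def __init__(self, device_id: str, hw_id: str, key: bytes):
        self.device_id, self.hw_id, self.key = device_id, hw_id, key
        self.last_seq = 0  # highest sequence number executed so far
        self.state = {"locked": False, "erased": False}

    def handle(self, msg: dict) -> str:
        """Verify first; change device state only if every check passes."""
        body, sig = msg.get("body"), msg.get("sig")
        if not isinstance(body, dict) or not isinstance(sig, str):
            return "rejected: malformed"
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "rejected: bad signature"
        if (body.get("device_id"), body.get("hw_id")) != (self.device_id, self.hw_id):
            return "rejected: wrong device"
        seq = body.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq:
            return "rejected: replayed or stale"
        cmd = body.get("cmd")
        op = cmd.get("op") if isinstance(cmd, dict) else None
        if op not in ("lock", "unlock", "erase"):
            return "rejected: unknown command"
        self.last_seq = seq
        field = "erased" if op == "erase" else "locked"
        self.state[field] = op != "unlock"
        return "executed: " + op


def run_demo() -> list:
    key = b"constructed-demo-key-device-A"
    server = ManagementServer({"dev-A": ("hw-0001", key)})
    agent = ManagementAgent("dev-A", "hw-0001", key)
    results = [server.register("dev-A", "hw-9999"),   # identity mismatch
               server.register("dev-A", "hw-0001")]   # verified, DCB created
    server.place_command("dev-A", {"op": "lock"})
    delivered = server.pull("dev-A")
    results.append(agent.handle(delivered[0]))        # valid command
    results.append(agent.handle(delivered[0]))        # same message replayed
    forged = json.loads(json.dumps(delivered[0]))     # deep copy
    forged["body"]["cmd"]["op"] = "erase"             # altered after signing
    results.append(agent.handle(forged))
    other = sign_command(key, "dev-B", "hw-0002", 2, {"op": "erase"})
    results.append(agent.handle(other))               # addressed to another device
    return results + [agent.state]


if __name__ == "__main__":
    print(run_demo())
```

The agent checks the signature before it reads any field of the command, so an altered or misaddressed erase never reaches the code that changes device state.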

In one aspect of the present invention, the method further comprises the step of receiving 
information relating to execution of the command at the wireless device from the wireless device. 

Brief Description of the Drawings

The details of the present invention, both as to its structure and operation, can best be 
understood by referring to the accompanying drawings, in which like reference numbers and 
designations refer to like elements. 

Fig. 1 is an exemplary block diagram of a network system in which the present invention 
may be implemented. 

Fig. 2a is an exemplary block diagram of a wireless network system 200 incorporating the 
remote management technique of the present invention. 

Fig. 2b is an exemplary block diagram of the use of a signaling channel shown in Fig. 2a in 
implementing the present invention. 

Fig. 3 is an exemplary block diagram of management server shown in Fig. 1. 

Fig. 4 is an exemplary flow diagram of a process for remotely managing devices over a 
wireless network, according to the present invention. 

Fig. 5 is a data flow diagram of the operation of the process shown in Fig. 4.

Detailed Description of the Invention

An exemplary block diagram of a network system 100 in which the present invention may
be implemented is shown in Fig. 1. Network system 100 includes telecommunications network
102. Telecommunications network 102 provides communicative interconnection of a plurality of
devices, such as client systems 106A - 106Z and 110A - 110Z and servers 108A - 108N and 112A -
112N. Telecommunications network 102 may include one or more wireless networks and/or one or
more wireline networks. The transmission media in a wireless network is typically electromagnetic
radiation, such as radio waves or light, while the transmission media in a wireline network is wire,
such as copper wire, or the equivalent of wire, such as fiber optic cable. The wireless
telecommunications networks included in telecommunications network 102 may include, for
example, digital cellular telephone networks, such as Global System for Mobile
Telecommunications (GSM) networks, Personal Communication System (PCS) networks, etc. The
wireline telecommunications networks included in telecommunications network 102 may include,
for example, the Public Switched Telephone Network (PSTN), as well as proprietary local and long
distance telecommunications networks. In addition, telecommunications network 102 may include
digital data networks, such as one or more local area networks (LANs), one or more wide area
networks (WANs), or both LANs and WANs. One or more networks may be included in
telecommunications network 102 and may include both public networks, such as the Internet, and
private networks and may utilize any networking technology and protocol, such as Ethernet, Token
Ring, Transmission Control Protocol/Internet Protocol (TCP/IP), etc.

Client systems 106A - 106Z and 110A - 110Z may include any type of electronic data
processing system or communication device. Examples of such electronic data processing system
include personal computer systems, such as desktop or laptop computers, workstation computer
systems, server computer systems, networks of computer systems, personal digital assistants
(PDAs), wireless communications devices, such as cellular telephones, etc. In an embodiment in
which the client systems are computer systems, the computer systems may connect directly to
network 102, or the computer systems may connect indirectly to network 102 through one or more
other networks, gateways, firewalls, etc. Likewise, the connection to network 102 may be wired,
wireless, or a combination of wired and wireless. In an embodiment in which the client systems are
other types of devices, such as PDAs or telephone devices, the connection to network 102 may be
direct or indirect, wired, wireless, or a combination of wired and wireless, as is appropriate.
Typically, the user interface of client systems 106A - 106Z and 110A - 110Z is a graphical user
interface, but other interfaces may be used as well. For example, the client systems may include
conventional landline telephones or cellular telephones communicatively connected to a touch-tone
response unit or a voice response unit, which accepts touch-tone or voice commands and transmits
them over network 102 and which receives responses over network 102, converts the received
responses to audio, and transmits the received responses to the client systems.

Management server 114 is also communicatively connected to network 102. Management 
server 114 interfaces with telecommunications network 102 and with multiple servers and clients 
that are connected to telecommunications network 102 and provides remote management of those 
servers and clients over telecommunications network 102. 

An exemplary block diagram of a wireless network system 200 incorporating the remote
management technique of the present invention is shown in Fig. 2a. System 200 includes
telecommunications network 102, management server 114, gateway 201, and a plurality of remotely
managed devices 202A - 202Z. Telecommunications network 102 may include one or more
communications channels 204. Communications channels 204 may carry a variety of
communications traffic, such as telephone voice and data calls, packet-based data traffic, and
signaling data relating to the telecommunications traffic and the configuration of
telecommunications network 102. For example, communications channels 204 may include the
well-known General Packet Radio Service (GPRS).

Remotely managed devices 202A - 202Z may include both client and server systems shown
in Fig. 1. Each remotely managed device includes a management agent 208, which is typically a
software process that provides the capability for management server 114 to remotely manage the
device. Management server 114 communicates with each remotely managed device using
communications channels 204 of telecommunications network 102. Management server 114 is
communicatively connected to signaling channel 206 via gateway 201. The information that is
communicated is directed to or originated from the management agent that is running on the device.
Management server 114 typically transmits commands to each remotely managed device. These
commands are directed to the management agent running on the device and are then carried out on
the device under the control of the management agent. Typical commands that may be transmitted
from management server 114 are enabling/disabling access of the remotely managed device to the
server, enabling/disabling applications that may run on the remotely managed device, erasing all or
part of the device contents, such as programs and data, transmitting new programs and data to a
device, querying the current state of the device, etc. Some commands cause the remotely managed
device to transmit data to management server 114. In this situation, the management agent on the
device originates a transmission of the data to management server 114 over telecommunications
network 102.

General Packet Radio Service (GPRS) is the high-speed data evolution of GSM. GPRS
supports Internet Protocol (IP), enabling access to Internet and intranet content and applications
from GPRS wireless devices. The anticipated data rate for GPRS is 115 Kbps and throughput
rates of 30-60 Kbps have been achieved initially. The General Packet Radio Service (GPRS) is a
new nonvoice value added service that allows information to be sent and received across a mobile
telephone network. It supplements today's Circuit Switched Data and Short Message Service.

Theoretical maximum speeds of up to 171.2 kilobits per second (kbps) are achievable
with GPRS using all eight timeslots at the same time. This is about three times as fast as the data
transmission speeds possible over current fixed telecommunications networks and ten times as
fast as current Circuit Switched Data services on GSM networks. By allowing information to be
transmitted more quickly, immediately and efficiently across the mobile network, GPRS may well
be a relatively less costly mobile data service compared to SMS and Circuit Switched Data.

GPRS facilitates instant connections whereby information can be sent or received
immediately as the need arises, subject to radio coverage. No dial-up modem connection is
necessary. This is why GPRS users are sometimes referred to as being "always connected".
Immediacy is one of the advantages of GPRS (and SMS) when compared to Circuit Switched
Data. High immediacy is a very important feature for time critical applications such as remote
credit card authorization where it would be unacceptable to keep the customer waiting for even
thirty extra seconds.

GPRS facilitates several new applications that have not previously been available over
GSM networks due to the limitations in speed of Circuit Switched Data (9.6 kbps) and message
length of the Short Message Service (160 characters). GPRS will fully enable the Internet
applications you are used to on your desktop from web browsing to chat over the mobile network.
Other new applications for GPRS, profiled later, include file transfer and home automation - the
ability to remotely access and control in-house appliances and machines.

GPRS involves overlaying a packet based air interface on the existing circuit switched
GSM network. This gives the user an option to use a packet-based data service. To supplement a
circuit switched network architecture with packet switching is quite a major upgrade. However,
as we shall see later, the GPRS standard is delivered in a very elegant manner - with network
operators needing only to add a couple of new infrastructure nodes and making a software
upgrade to some existing network elements.

With GPRS, the information is split into separate but related "packets" before being
transmitted and reassembled at the receiving end. Packet switching is similar to a jigsaw puzzle -
the image that the puzzle represents is divided into pieces at the manufacturing factory and put
into a plastic bag. During transportation of the now boxed jigsaw from the factory to the end
user, the pieces get jumbled up. When the recipient empties the bag with all the pieces, they are
reassembled to form the original image. The pieces are all related and fit together, but the way
they are transported and assembled varies. The Internet itself is another example of a packet data
network, the most famous of many such network types.

Packet switching means that GPRS radio resources are used only when users are actually
sending or receiving data. Rather than dedicating a radio channel to a mobile data user for a fixed
period of time, the available radio resource can be concurrently shared between several users.
This efficient use of scarce radio resources means that large numbers of GPRS users can
potentially share the same bandwidth and be served from a single cell. The actual number of
users supported depends on the application being used and how much data is being transferred.
Because of the spectrum efficiency of GPRS, there is less need to build in idle capacity that is
only used in peak hours. GPRS therefore lets network operators maximize the use of their
network resources in a dynamic and flexible way, along with user access to resources and
revenues.

GPRS should improve the peak time capacity of a GSM network since it simultaneously
allocates scarce radio resources more efficiently by supporting virtual connectivity and migrates
traffic that was previously sent using Circuit Switched Data to GPRS instead, and reduces SMS
Center and signaling channel loading by migrating some traffic that previously was sent using
SMS to GPRS instead using the GPRS/SMS interconnect that is supported by the GPRS
standards.

GPRS fully enables Mobile Internet functionality by allowing interworking between the
existing Internet and the new GPRS network. Any service that is used over the fixed Internet
today - File Transfer Protocol (FTP), web browsing, chat, email, telnet - will be as available over
the mobile network because of GPRS. In fact, many network operators are considering the
opportunity to use GPRS to help become wireless Internet Service Providers in their own right.

Because it uses the same protocols, the GPRS network can be viewed as a sub-network of 
the Internet with GPRS capable mobile phones being viewed as mobile hosts. This means that
each GPRS terminal can potentially have its own IP address and will be addressable as such. 

The use of GPRS in implementing the present invention is shown in Fig. 2b. As shown, a
management server 114 communicates a control payload 210 with a remotely managed device,
such as remotely managed device 202A. Control payload 210 includes information that is used to
control aspects of the operation of remotely managed device 202A, such as commands to the
device, status information from the device, etc. Control payload 210 is carried in one or more
SMS messages to remotely managed device 202A. Management server 114 generates messages
that include the information to be included in control payload 210 and transmits these messages
to gateway 201, which is typically a Gateway GPRS Service Node (GGSN). The GGSN acts as a
gateway between the GPRS network and Public Data Networks such as IP and X.25. GGSNs
also connect to other GPRS networks to facilitate GPRS roaming. Messages received from
management server 114 are transmitted and/or received as push/pull IP messages 212. The
messages are transported using the GPRS network, which may be a Transmission Control
Protocol/Internet Protocol (TCP/IP) transport service 214 or a User Datagram Protocol/Internet
Protocol (UDP/IP) transport service 214. UDP is a connectionless protocol that, like TCP, runs
on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services,
offering instead a direct way to send and receive datagrams over an IP network.

The connection between management server 114 and GGSN 201 is typically an APN 216.
In addition to management server 114, other networks, such as enterprise networks and/or virtual
private networks (VPN) 218 may communicate with GGSN 201. The connection between the
enterprise/VPN networks and GGSN 201 is typically a shared or common APN 220. APN 216 is
distinct from APN 220, that is, APN 216 is not a shared or common APN.

Control payload 210 may also include information from remotely managed device 202A,
which is carried in one or more IP messages from remotely managed device 202A to management
server 114. Remotely managed device 202A generates messages that include the information to
be included in control payload 210, formats the messages into IP messages that may be sent using
the TCP/IP or UDP/IP transport services 214, and transmits the messages using service 214. The
IP messages are transported using the signaling network, such as SS7 signaling network 214 and
delivered, via the GGSN gateway 201, to management server 114, which extracts control payload
210 from the message.

An exemplary block diagram of management server 114 is shown in Fig. 3. Management
server 114 is typically a programmed general-purpose computer system, such as a personal
computer, workstation, server system, and minicomputer or mainframe computer. Management
server 114 includes processor (CPU) 302, input/output circuitry 304, network adapter 306, and
memory 308. CPU 302 executes program instructions in order to carry out the functions of the
present invention. Typically, CPU 302 is a microprocessor, such as an INTEL PENTIUM®
processor, but may also be a minicomputer or mainframe computer processor. Fig. 3 illustrates
an embodiment in which management server 114 is implemented as a single processor computer
system. However, the present invention contemplates embodiments in which management server
114 is implemented as a multi-processor system, in which multiple processors 302A-402N share
system resources, such as memory 308, input/output circuitry 304, and network adapter 306. The
present invention also contemplates embodiments in which management server 114 is
implemented as a plurality of networked computer systems, which may be single-processor
computer systems, multi-processor computer systems, or a mix thereof.

Input/output circuitry 304 provides the capability to input data to, or output data from,
computer system 300. For example, input/output circuitry may include input devices, such as
keyboards, mice, touchpads, trackballs, scanners, etc., output devices, such as video adapters,
monitors, printers, etc., and input/output devices, such as modems, etc. Network adapter 306
interfaces management server 114 with gateway 201, which communicatively connects
management server 114 with signaling channel 206 of telecommunications network 102, shown
in Fig. 1.

Memory 308 stores program instructions that are executed by, and data that are used and
processed by, CPU 302 to perform the functions of the present invention. Memory 308 may
include electronic memory devices, such as random-access memory (RAM), read-only memory
(ROM), programmable read-only memory (PROM), electrically erasable programmable read-only
memory (EEPROM), flash memory, etc., and electro-mechanical memory, such as magnetic disk
drives, tape drives, optical disk drives, etc., which may use an integrated drive electronics (IDE)
interface, or a variation or enhancement thereof, such as enhanced IDE (EIDE) or ultra direct
memory access (UDMA), or a small computer system interface (SCSI) based interface, or a
variation or enhancement thereof, such as fast-SCSI, wide-SCSI, fast and wide-SCSI, etc, or a
fiber channel-arbitrated loop (FC-AL) interface.

Memory 308 includes management data 312, mailbox 314, management protocol routines
316, management processing routines 318, and operating system 320. Management data 312
includes data relating to each remotely managed device being managed by management server
114. Management data 312 includes data such as the current state and identity of each remotely
managed device. This data is obtained from the management agent running on each remotely
managed device. Mailbox 314 stores commands that are to be delivered to remotely managed
devices so that the devices can retrieve the commands. Management protocol routines 316
include software that implements the protocols that communicate the remote management
commands to devices over telecommunications network 102. Management processing routines
318 include software that receives or determines the remote management commands that are to be
communicated to the remotely managed devices by management protocol routines 314.
Operating system 320 provides overall system functionality.

A process 400 for remotely managing devices over a GPRS channel, according to the
present invention, is shown in Fig. 4. It is best viewed in conjunction with Fig. 5, which is a data
flow diagram of the operation of process 400. Process 400 begins with step 402, in which a
remotely managed device, such as remotely managed device 502, is activated. Device 502 runs
management agent 504, which transmits registration event message 506 to management server
508. Registration event message 506 includes information identifying device 502 and
information relating to the state of the device. Registration event message 506, and all
communications between device 502 and management server 508, is transmitted using a security
protocol that ensures that only authorized remotely managed devices, running authorized
management agents, can communicate with management server 506. Preferably, the security
mechanism used is based on public key encryption, but any other security mechanism that
provides adequate security may also be used.

In step 404, the management server verifies the registration event by checking the validity
of the information contained in registration event message 506. In particular, management server
508 verifies the identity of remotely managed device 502. Upon verification of device 502,
management server 508 registers device 502 by storing registration information relating to device
502 in management data 510. The registration information includes the identity and state of
device 502. Management server 508 establishes a mailbox 512 for the newly registered remotely
managed device 502. Management server 506 also transmits a message 514 acknowledging
successful registration of remotely managed device 502 to the device.

In step 406, management server 508 places commands intended for remotely managed
device 502 in DCB 512. Such commands may include, for example:

• enabling/disabling access of the remotely managed device to the server (Lock/Unlock the device)
• enabling/disabling applications that may run on the remotely managed device
• erasing all or part of the device contents, such as programs and data
• transmitting new programs and data to a device
• querying the current state of the device
• monitoring the level of the battery in the device
• monitoring the location of the device in the wireless network, including foreign networks
• verifying that the command signature is in agreement with the signature of the device
• reconfiguring applications that may run on the remotely managed device

In steps 408 and 410, the commands stored in DCB 512 are delivered to the remotely managed device. In particular, in step 408, a connection 516 is established between management agent 504, running on remotely managed device 502, and management server 508. Upon connection 516 being established, the commands that were stored in DCB 512 in step 406 are transmitted 518 to device 502. This protocol is applicable to both push and pull devices. A pull device is a device that must request data before the data is transmitted to the device. A push device is a device to which data is transmitted without the device requesting the data, but which will nevertheless accept the data. In an embodiment in which remotely managed device 502 is a pull device, the management agent running on device 502 will occasionally connect to management server 508 and request the commands in DCB 512. In an embodiment in which remotely managed device 502 is a push device, management server 508 will occasionally connect to remotely managed device 502 and transmit the commands in DCB 512 to management agent 504. In both embodiments, the connections may be made periodically, based on some defined time interval, or they may be made based on predefined threshold conditions.

In step 410, management agent 504 executes the retrieved commands and transmits a notification message 520 that informs management server 508 of the results of executing each command. In addition, if one or more of the commands were to monitor parameters of remotely managed device 502, then, in step 412, management agent 504 will transmit the monitored information 522 to management server 508. The transmission may be periodic, based on some defined time interval, or it may be based on the values of certain parameters of device 502 in relation to predefined threshold conditions. The time intervals or threshold conditions may be inherent in device 502, or they may be transmitted as parameters or data related to the commands that were retrieved by device 502.
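The registration, mailbox, pull-delivery and verify-before-execute flow of process 400, sketched as an added example that is not code from the patent. It assumes HMAC-SHA256 with a per-device key as a stand-in for the public-key mechanism the text prefers, and adds a sequence number so the agent can reject replayed commands; all class, field and command names are hypothetical.

```python
import hashlib
import hmac
import json
from collections import deque

# Constructed enrollment data: device id -> per-device key provisioned out of band.
ENROLLED = {"dev-502": b"constructed-demo-key"}


def sign(key, body):
    """HMAC-SHA256 over canonical JSON (assumed stand-in for a public-key signature)."""
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verified(key, msg):
    return key is not None and hmac.compare_digest(sign(key, msg["body"]), msg["sig"])


class ManagementServer:
    def __init__(self, enrolled):
        self.enrolled, self.state, self.mailbox, self.seq = enrolled, {}, {}, {}

    def register(self, msg):
        """Step 404: verify the registration event, then create the mailbox."""
        dev = msg["body"]["device_id"]
        if not verified(self.enrolled.get(dev), msg):
            return False
        self.state[dev] = msg["body"]["state"]
        self.mailbox.setdefault(dev, deque())
        self.seq.setdefault(dev, 0)
        return True

    def queue(self, dev, command):
        """Step 406: place a signed, sequence-numbered command in the mailbox."""
        self.seq[dev] += 1  # KeyError for a device that never registered
        body = {"device_id": dev, "seq": self.seq[dev], "command": command}
        self.mailbox[dev].append({"body": body, "sig": sign(self.enrolled[dev], body)})

    def pull(self, dev):
        """Step 408, pull device: hand over and empty the mailbox."""
        box = self.mailbox.get(dev, deque())
        return [box.popleft() for _ in range(len(box))]


class ManagementAgent:
    HANDLERS = {"lock": ("locked", True), "unlock": ("locked", False)}

    def __init__(self, dev, key):
        self.dev, self.key, self.last_seq = dev, key, 0
        self.state = {"locked": False, "battery": 87}

    def registration_event(self):
        body = {"device_id": self.dev, "state": dict(self.state)}
        return {"body": body, "sig": sign(self.key, body)}

    def handle(self, msg):
        """Step 410: verify first, execute second, return the notification."""
        body = msg["body"]
        if not verified(self.key, msg) or body["device_id"] != self.dev:
            return "rejected:bad-signature"
        if body["seq"] <= self.last_seq:
            return "rejected:replay"
        if body["command"] not in self.HANDLERS:
            return "rejected:unknown-command"
        self.last_seq = body["seq"]
        field, value = self.HANDLERS[body["command"]]
        self.state[field] = value
        return "ok"


def run_demo():
    server, agent = ManagementServer(ENROLLED), ManagementAgent("dev-502", ENROLLED["dev-502"])
    rogue = ManagementAgent("dev-502", b"wrong-key")  # right id, wrong key
    results = [server.register(rogue.registration_event()), server.register(agent.registration_event())]
    server.queue("dev-502", "lock")
    (cmd,) = server.pull("dev-502")
    forged = {"body": dict(cmd["body"], command="unlock"), "sig": cmd["sig"]}
    return results + [agent.handle(forged), agent.handle(cmd), agent.handle(cmd), agent.state["locked"]]
```

`run_demo()` returns, in order, the outcome of the rogue registration, the genuine registration, a tampered command, the genuine command, a replay of it, and the resulting lock state.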

It is important to note that while the present invention has been described in the context of a fully functioning data processing system, those of ordinary skill in the art will appreciate that the processes of the present invention are capable of being distributed in the form of a computer readable medium of instructions and a variety of forms and that the present invention applies equally regardless of the particular type of signal bearing media actually used to carry out the distribution. Examples of computer readable media include recordable-type media such as floppy disc, a hard disk drive, RAM, and CD-ROM's, as well as transmission-type media, such as digital and analog communications links.

Although specific embodiments of the present invention have been described, it will be understood by those of skill in the art that there are other embodiments that are equivalent to the described embodiments. Accordingly, it is to be understood that the invention is not to be limited by the specific illustrated embodiments, but only by the scope of the appended claims.

CLAIMS 

What is claimed is: 

1. A method for remotely managing a wireless device over a telecommunications network comprising a server and the wireless device, the method comprising the steps of:
establishing a communicative connection between the server and the wireless device over a packet radio channel of the telecommunications network;
transmitting a command from the server to the wireless device over the packet radio channel; and
executing the command at the wireless device after verifying the signature of the command and signature of the device is in agreement.

2. The method of claim 1, wherein the packet radio channel of the telecommunications network comprises a General Packet Radio Service channel.

3. The method of claim 2, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

4. The method of claim 3, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device in a Short Message Service message.

5. The method of claim 2, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

6. The method of claim 5, wherein the communicative connection is established periodically.

7. The method of claim 5, wherein the communicative connection is established based on a threshold condition.

8. The method of claim 5, wherein the command comprises at least one of:
enabling/disabling access of the wireless device to the server;
enabling/disabling applications that may run on the wireless device;
erasing all or part of contents of the wireless device;
transmitting new programs and data to the wireless device;
querying a current state of the wireless device;
monitoring a level of a battery in the wireless device;
monitoring a location of the wireless device in the wireless network; and
reconfiguring applications that may run on the wireless device.

9. The method of claim 8, further comprising the step of:
transmitting information relating to execution of the command at the wireless device from the wireless device to the server.

10. The method of claim 9, wherein the information relating to execution of the command is transmitted periodically.

11. The method of claim 9, wherein the information relating to execution of the command is transmitted based on a threshold condition of the wireless device.

12. The method of claim 2, wherein the transmitting step comprises the step of:
transmitting registration information relating to the wireless device from the wireless device to the server;
verifying the registration information at the server;
establishing a DCB for the wireless device at the server;
placing a command for the wireless device in the DCB; and
delivering the command from the DCB to the wireless device.

13. The method of claim 12, wherein the delivering step comprises the steps of:
establishing a connection between the wireless device and the server;
transmitting a request for contents of the DCB from the wireless device to the server; and
transmitting the contents of the DCB from the server to the wireless device.

14. The method of claim 13, wherein the connection is established periodically.

15. The method of claim 13, wherein the connection is established based on a threshold condition.

16. The method of claim 12, wherein the delivering step comprises the steps of:
establishing a connection between the wireless device and the server;
transmitting the contents of the DCB from the server to the wireless device without a request from the wireless device; and
accepting the contents of the DCB at the wireless device.

17. The method of claim 14, wherein the connection is established periodically.

18. The method of claim 14, wherein the connection is established based on a threshold condition.

19. The method of claim 12, wherein the command comprises one of:
enabling/disabling access of the wireless device to the server;
enabling/disabling applications that may run on the wireless device;
erasing all or part of contents of the wireless device;
transmitting new programs and data to the wireless device;
querying a current state of the wireless device;
monitoring a level of a battery in the wireless device;
monitoring a location of the wireless device in the wireless network; and
reconfiguring applications that may run on the wireless device.

20. The method of claim 12, further comprising the step of:
transmitting information relating to execution of the command at the wireless device from the wireless device to the server.

21. The method of claim 21, wherein the information relating to execution of the command is transmitted periodically.

22. The method of claim 21, wherein the information relating to execution of the command is transmitted based on a threshold condition of the wireless device.

23. A method for remotely managing a wireless device over a telecommunications network comprising the steps of:
establishing a communicative connection with the wireless device over a packet radio channel of the telecommunications network; and
transmitting a command to the wireless device over the packet radio channel; and
executing the command at the wireless device.

24. The method of claim 23, wherein the packet radio channel of the telecommunications network comprises a General Packet Radio Service channel.

25. The method of claim 24, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

26. The method of claim 25, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device in a Short Message Service message.

27. The method of claim 24, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

28. The method of claim 27, wherein the communicative connection is established periodically.

29. The method of claim 27, wherein the communicative connection is established based on a threshold condition.

30. The method of claim 27, wherein the command comprises at least one of:
enabling/disabling access of the wireless device to the server;
enabling/disabling applications that may run on the wireless device;
erasing all or part of contents of the wireless device;
transmitting new programs and data to the wireless device;
querying a current state of the wireless device;
monitoring a level of a battery in the wireless device;
monitoring a location of the wireless device in the wireless network; and
reconfiguring applications that may run on the wireless device.

31. The method of claim 29, further comprising the step of:
transmitting information relating to execution of the command at the wireless device from the wireless device to the server.

32. The method of claim 31, wherein the information relating to execution of the command is transmitted periodically.

33. The method of claim 26, wherein the transmitting step comprises the steps of:
receiving registration information from the wireless device;
verifying the received registration information;
placing a command for the wireless device in a DCB; and
delivering the command to the wireless device.

34. The method of claim 33, wherein the delivering step comprises the steps of:
establishing a connection with the wireless device;
receiving a request for contents of the DCB from the wireless device; and
transmitting the contents of the DCB to the wireless device.

35. The method of claim 34, wherein the connection is established periodically.

36. The method of claim 34, wherein the connection is established based on a threshold condition.

37. The method of claim 33, wherein the delivering step comprises the steps of:
establishing a connection with the wireless device; and
transmitting the contents of the DCB to the wireless device without a request from the wireless device.

38. The method of claim 37, wherein the connection is established periodically. 

39. The method of claim 37, wherein the connection is established based on a threshold 
condition. 

40. The method of claim 33, wherein the command comprises one of: 
enabling/disabling access of the wireless device to the server; 
enabling/disabling applications that may run on the wireless device; 
erasing all or part of contents of the wireless device; 
transmitting new commands and parameters to the wireless device; 
querying a current state of the wireless device; 

monitoring a level of a battery in the wireless device; and 
monitoring a location of the wireless device in the wireless network. 

41. The method of claim 33, further comprising the step of: 

receiving information relating to execution of the command at the wireless device from the 
wireless device. 

42. A system for remotely managing a wireless device over a wireless network, the system 
comprising: 

a processor operable to execute computer program instructions; and 

a memory operable to store computer program instructions executable by the processor, 
for performing the steps of: 

establishing a communicative connection between the server and the wireless device over a 
packet radio channel of the telecommunications network; 

transmitting a command from the server to the wireless device over the packet radio 
channel; and 
executing the command at the wireless device. 

43. The system of claim 42, wherein the packet radio channel of the telecommunications 
network comprises a General Packet Radio Service channel. 

44. The system of claim 43, wherein the transmitting step comprises the step of: 
transmitting the command to a management agent process executing on the wireless device. 

45. The system of claim 44, wherein the transmitting step comprises the step of: 
transmitting the command to a management agent process executing on the wireless device 
in a Short Message Service message. 

46. The system of claim 43, wherein the transmitting step comprises the step of: 
transmitting the command to a management agent process executing on the wireless device. 

47. The system of claim 46, wherein the communicative connection is established periodically. 

48. The system of claim 46, wherein the communicative connection is established based on a 
threshold condition. 

49. The system of claim 46, wherein the command comprises at least one of: 
enabling/disabling access of the wireless device to the server; 
enabling/disabling applications that may run on the wireless device; 
erasing all or part of contents of the wireless device; 

transmitting new commands and parameters to the wireless device; 
querying a current state of the wireless device; 
monitoring a level of a battery in the wireless device; 
monitoring a location of the wireless device in the wireless network; and 
reconfiguring applications that may run on the wireless device. 

50. The system of claim 49, further comprising the step of: 

transmitting information relating to execution of the command at the wireless device from 
the wireless device to the server. 

51. The system of claim 50, wherein the information relating to execution of the command is 
transmitted periodically. 

52. The system of claim 50, wherein the information relating to execution of the command is 
transmitted based on a threshold condition of the wireless device. 

53. The system of claim 43, wherein the transmitting step comprises the step of: 
receiving registration information from the wireless device; 

verifying the received registration information; 

placing a command for the wireless device in a DCB ; and 

delivering the command to the wireless device. 

54. The system of claim 53, wherein the delivering step comprises the steps of: 
establishing a connection with the wireless device; 

receiving a request for contents of the DCB from the wireless device; and 
transmitting the contents of the DCB to the wireless device. 

55. The system of claim 54, wherein the connection is established periodically. 

56. The system of claim 54, wherein the connection is established based on a threshold 
condition. 

57. The system of claim 53, wherein the delivering step comprises the steps of: 
establishing a connection with the wireless device; and 

transmitting the contents of the DCB to the wireless device without a request from the 
wireless device. 

58. The system of claim 57, wherein the connection is established periodically. 

59. The system of claim 57, wherein the connection is established based on a threshold 
condition. 

60. The system of claim 53, wherein the command comprises at least one of: 
enabling/disabling access of the wireless device to the server; 
enabling/disabling applications that may run on the wireless device; 
erasing all or part of contents of the wireless device; 

transmitting new programs and data to the wireless device; 

querying a current state of the wireless device; 

monitoring a level of a battery in the wireless device; 

monitoring a location of the wireless device in the wireless network; and 

reconfiguring applications that may run on the wireless device. 

61. The system of claim 53, further comprising the step of: 

receiving information relating to execution of the command at the wireless device from the 
wireless device. 

62. A computer program product for remotely managing a wireless device over a wireless network, comprising:
a computer readable medium;
computer program instructions, recorded on the computer readable medium, executable by a processor, for performing the steps of
establishing a communicative connection between the server and the wireless device over a packet radio channel of the telecommunications network;
transmitting a command from the server to the wireless device over the packet radio channel; and
executing the command at the wireless device.

63. The computer program product of claim 62, wherein the packet radio channel of the telecommunications network comprises a General Packet Radio Service channel.

64. The computer program product of claim 63, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

65. The computer program product of claim 64, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device in a Short Message Service message.

66. The computer program product of claim 63, wherein the transmitting step comprises the step of:
transmitting the command to a management agent process executing on the wireless device.

67. The computer program product of claim 66, wherein the communicative connection is established periodically.

68. The computer program product of claim 66, wherein the communicative connection is established based on a threshold condition.

69. The computer program product of claim 66, wherein the command comprises at least one of:
enabling/disabling access of the wireless device to the server;
enabling/disabling applications that may run on the wireless device;
erasing all or part of contents of the wireless device;
transmitting new programs and data to the wireless device;
querying a current state of the wireless device;
monitoring a level of a battery in the wireless device;
monitoring a location of the wireless device in the wireless network; and
reconfiguring applications that may run on the wireless device.

70. The computer program product of claim 69, further comprising the step of:
transmitting information relating to execution of the command at the wireless device from the wireless device to the server.

71. The computer program product of claim 70, wherein the information relating to execution of the command is transmitted periodically.

72. The computer program product of claim 70, wherein the information relating to execution of the command is transmitted based on a threshold condition of the wireless device.

73. The computer program product of claim 63, wherein the transmitting step comprises the step of:
receiving registration information from the wireless device;
verifying the received registration information;
placing a command for the wireless device in a DCB; and
delivering the command to the wireless device.

74. The computer program product of claim 73, wherein the delivering step comprises the steps of:
establishing a connection with the wireless device;
receiving a request for contents of the DCB from the wireless device; and
transmitting the contents of the DCB to the wireless device.

75. The computer program product of claim 74, wherein the connection is established periodically.

76. The computer program product of claim 74, wherein the connection is established based on a threshold condition.

77. The computer program product of claim 73, wherein the delivering step comprises the steps of:
establishing a connection with the wireless device; and
transmitting the contents of the DCB to the wireless device without a request from the wireless device.

78. The computer program product of claim 77, wherein the connection is established periodically.

79. The computer program product of claim 77, wherein the connection is established based on a threshold condition.

80. The computer program product of claim 73, wherein the command comprises one of:
enabling/disabling access of the wireless device to the server;
enabling/disabling applications that may run on the wireless device;
erasing all or part of contents of the wireless device;
transmitting new programs and data to the wireless device;
querying a current state of the wireless device;
monitoring a level of a battery in the wireless device;
monitoring a location of the wireless device in the wireless network; and
reconfiguring applications that may run on the wireless device.

81. The computer program product of claim 73, further comprising the step of:
receiving information relating to execution of the command at the wireless device from the wireless device.